Flex splits your bills into smaller, stress-free payments throughout the month. Start today with your rent bill!
Senior Security Engineer
Location
United States
Posted
92 days ago
Salary
$132K - $195K / year
Seniority
Senior
Job Description
Senior Security Engineer
Flex
Flex is a growth-stage, NYC headquartered FinTech company that is creating the best rent payment experience. It’s hard to believe that it’s 2026 and paying rent on time is expensive, inflexible, and difficult. We’re here to change that! Flex enables our users to pay rent throughout the month on a schedule that better fits their finances and budget. Our mission is to empower as many renters as possible with flexibility over their most significant recurring expense. After deliberately keeping a stealth profile as we built up unprecedented investor support and an enthusiastic user base, we are looking for motivated individuals to help us keep our mission growing. Will you be a part of the team? About the Role Flex is looking for a Senior Security Engineer to support product security across our fintech platform. You'll be part of our product security focus on a lean, high-impact security team — partnering directly with product and engineering teams across Housing, Control Center, and Platform to ensure security is built in from design through deployment. This role reports to the Head of Security. What You'll Do - Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services - Lead security design reviews for Flex's payment processing, account management, and partner integration platforms - Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education - Perform application security assessments, code review, and penetration testing for critical product surfaces - Respond to and investigate complex security incidents; lead post-incident analysis and remediation - Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration) - Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering - Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices What You'll Bring Must Have: - 5+ years of experience in application security, product security, or security engineering - Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems - Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices - Experience conducting security code reviews and penetration testing - Proficiency with cloud security in AWS environments - Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS) - Ability to own security projects from conception to completion with minimal oversight - Excellent written and verbal communication — ability to translate security risk into business impact Nice to Have: - Experience in fintech, payments, or financial services - Experience building or operating security automation tools (SAST/DAST, security review tooling) - Security Champions program development experience - Relevant certifications (OSCP, GWAPT, CISSP, or equivalent) - Experience with bug bounty program management - Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation) Why This Role - Dedicated product security engineer — excellent opportunity to define how product security works at Flex - Direct executive visibility: this role's work is a CTO/CRO priority - Small team, outsized impact: 4-person security team supporting 100+ engineers - Strong AI-forward culture: team has shipped AI-powered security review tools and embraces engineering tooling innovation - Distributed team with async-first culture Flex takes a market-based approach to pay, and compensation may vary depending on your primary work location. Work locations are categorized into one of three tiers based on a cost of labor index for that geographic area. The successful candidate’s starting pay will be commensurate with their experience, qualifications, and Flex’s internal leveling guidelines and benchmarks. - Tier A (NYC/SF): $156,000—$195,000 USD - Tier B: $140,400—$175,500 USD - Tier C: $132,600—$165,750 USD #LI-Remote Life at Flex: We understand that it takes a diverse team of highly intelligent, curious, determined, empathetic, and self aware people to grow a successful company. Our HQ is located in New York City, but we have employees located throughout the US, Australia, Canada and South America. We are growing quickly, but deliberately, with a focus on building an inclusive culture. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity workplace. We offer many employee benefits & perks. For full-time U.S based positions we offer: - Competitive medical, dental, and vision available from Day 1 - Company equity - 401(k) plan with company match (our company match kicks off at the beginning of 2026) - Unlimited paid time off + 13 company paid holidays - Parental leave - Flex Cares Program - Free Flex subscription For full time non-US employees, we offer - Competitive compensation + company equity - Unlimited PTO
Job Requirements
- 5+ years of experience in application security, product security, or security engineering
- Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
- Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices
- Experience conducting security code reviews and penetration testing
- Proficiency with cloud security in AWS environments
- Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS)
- Ability to own security projects from conception to completion with minimal oversight
- Excellent written and verbal communication — ability to translate security risk into business impact
- Experience in fintech, payments, or financial services
- Experience building or operating security automation tools (SAST/DAST, security review tooling)
- Security Champions program development experience
- Relevant certifications (OSCP, GWAPT, CISSP, or equivalent)
- Experience with bug bounty program management
- Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation)
Benefits
- Competitive medical, dental, and vision available from Day 1
- Company equity
- 401(k) plan with company match (our company match kicks off at the beginning of 2026)
- Unlimited paid time off + 13 company paid holidays
- Parental leave
- Flex Cares Program
- Free Flex subscription
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Plan, develop, implement, and update the company’s information security strategy for infrastructure and software development. • Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems. • Identify, define and document system security requirements and recommend solutions to management. • Configure, troubleshoot and maintain security infrastructure, software and hardware. • Install software that monitors systems and networks for security breaches and intrusions. • Monitor systems for irregular behavior and set up preventive measures. • Educate and train staff on information system security best practices for software development. • Ensure processes are followed and effective technical feasibility analysis is conducted when developing solutions
Cybersecurity Specialist
AbbottJob Family: Sales Force Division: EPD Established Pharma Location: INDIA > BIHAR > PATNA : Remote
• Assist with the development and delivery of cybersecurity requirements for product software releases and help respond to customer security questions. • Support efforts to protect manufacturing and product assets by helping implement security controls, participating in vulnerability assessments, documenting risks, and escalating findings to senior team members. • Contribute to third‑party vendor and supplier security reviews using established criteria and guidance. • Support ongoing compliance and governance activities by tracking action items, updating documentation, and assisting with policy reviews. • Help prepare materials for internal and external audits, monitor security dashboards, maintain asset inventory records, and participate in incident response activities under guidance from senior staff. • Contribute to cybersecurity documentation and follow established processes to ensure tasks are completed consistently. • Collaborate with development and operations teams to help implement monitoring and security solutions for stand‑alone and embedded product software and supporting applications. • Participate in software security reviews and assist in identifying potential security issues using defined tools and methodologies. • Help support the security of applications and computing assets across public, private, and hybrid cloud environments. • Assist with implementing security controls to support compliance with applicable privacy, security, and resiliency requirements under the direction of senior team members. • Assist with the administration and monitoring of security systems and configurations, following documented standards and procedures. • Support troubleshooting activities and participate in incident response exercises and investigations for product and supporting applications. • Contribute to remediation efforts by helping track, document, and verify the resolution of security assessment findings. • Support vulnerability and threat management activities by assisting with identification, logging, and follow‑up of security issues using approved tools and workflows. • Participate in cross‑functional security initiatives by attending meetings, completing assigned implementation tasks, and supporting delivery timelines for security projects. • Help prepare training materials and share guidance with teams to increase awareness of common security risks and prevention practices. • Assist in the preparation of security metrics and reports by collecting data and helping update monthly site security dashboards aligned with global reporting standards. • Support Secure Lifecycle Process (SLP) activities, including cybersecurity assessments and basic threat modeling exercises, under senior supervision to help identify potential risks throughout the software development lifecycle.
Security Architect
TebraWe empower independent practices to bring modernized care to patients everywhere.
• Design and implement robust security architectures for Tebra’s hybrid and cloud environments • Drive strategy to strengthen overall security posture and ensure compliance (SOC2, HITRUST, PCI DSS) • Embed security into the platform through DevSecOps integration • Own strategy for Cloudflare ecosystem and architect WAF rules • Lead design of security controls within Google Cloud Platform • Architect security for Kubernetes environments • Embed security into CI/CD pipelines using Infrastructure as Code • Lead threat modeling and incident response efforts
• Responsible for utilizing international security expertise to assess current and potential security threats, develop risk mitigation strategies and security plans, to establish proper security measures for the protection of Raytheon personnel and locations • Collaborate with stakeholders to develop, revise or update policies and strategic risk assessments for current and projected business initiatives/locations • Support Strategic Business Units as it relates to global captures and program support • Coordinate international duty of care and evacuation operations, working with vendors and employees. • Manage the International Physical Security Assessment Program to ensure an accurate and timely review, and documentation of site physical security standard requirements • Collaboration with Business Resilience Crisis Management in the development of International Incident Response Plan (IIRP) and regionally based Tabletop Exercises • Provide direct support to programs and personnel by managing security-related incidents, investigations, crisis-management and potential counterintelligence incidents • Collaborate with the RTX Travel Security team to ensure a comprehensive effort for safety of all Raytheon expatriates and international travelers • Collaborate with internal and external stakeholders to evaluate and approve hotels, lodging options for events, business travelers, and deployments. • Develop relationships with key government and law enforcement/intelligence officials, private sector counterparts, US Embassy/OSAC elements and security vendors to ensure appropriate knowledge and ability to support security requirements and services • Develop tailored threat briefings to in country and business travelers when deemed necessary • Collaborate with internal and external stakeholders to support executive protection for Raytheon Senior Leadership Team members on international trips to high-risk destinations • Collaborate with internal and external stakeholders to support international events involving Raytheon employees • Work in concert with Global Trade to develop physical security mitigation plans to meet USG and RTX standards related to protection of “controlled” information • Provide support, guidance and assistance with Raytheon Enterprise Supplier Evaluations (RESA) efforts • Work extended hours in a fast-paced deadline driven environment and be available outside scheduled work hours to support business execution requirements • Travel both domestically and internationally up to 25% of the time
